OpenBSD 6.7 lite desktop on an old Thinkpad X60

home / OpenBSD lite

OpenBSD 6.7 lite desktop on an old Thinkpad X60

This page describes a 'lite' OpenBSD desktop with graphical applications. I used a Thinkpad X60 with 2Gb RAM and a 60Gb SSD.

I have linked to the OpenBSD FAQ and the man pages for commands throughout this page. Don't forget to skim man afterboot, and man hier will be helpful if you plan on editing the partition layout instead of accepting the installer's [A]utomatic suggestion.


See OpenBSD FAQ - Installation Guide especially the Pre-installation Checklist

OpenBSD has one of the easiest installers I've ever used. It just asks a series of questions with sensible defaults in brackets and takes a couple of minutes to install the base system including X Windows.

The rest of this page assumes that the graphical login called xenodm was enabled. If it wasn't xenodm can be enabled using the rcctl command as root...

foo# rcctl enable xenodm
foo# reboot

Rebooting into xenodm and logging in reveals the OpenBSD default window manager called fvwm...

Default X Windows session with fvwm

screen grab of default fvwm 
2.2.5 desktop on OpenBSD 6.7

There should be a single xterm window in the top left of the screen. The font might be really small. Ctrl-Right Mouse Click over the window and select 'Huge' from the VT Fonts menu that appears. The xterm window will get larger and the text more readable.

Silence the bell for the session...

foo$ xset b off

If you need to switch off the computer part way through configuration use shutdown as root to close the computer down cleanly...

foo# shutdown -ph now

If the fvwm window manager is too annoying, Ctrl-F2 for a console log-in and enter the commands below there. Ctrl-F5 to return to the X Window session.

Edit /etc/X11/xenodm/Xsetup_0 to make options permanent

Edit (as root) the /etc/X11/xenodm/Xsetup_0 file to xconsole starting and to silence the bell and set a background colour for the xenodm login screen in place of the default check pattern. My Xsetup_0 file looks like this...

foo$ cat /etc/X11/xenodm/Xsetup_0
# $OpenBSD: Xsetup_0,v 1.6 2019/06/29 13:33:06 espie Exp $

#xconsole -geometry 480x130-0-0 -daemon -notify -verbose -fn fixed -exitOnFail
xset b off
xset b 0 0 0
xsetroot -solid WebMaroon
#  install package openbsd-backgrounds
#  then uncomment:
# if test -x /usr/local/bin/openbsd-wallpaper
# then
#       /usr/local/bin/openbsd-wallpaper
# fi

# sxpm OpenBSD.xpm &

I have just commented out the xconsole line and added commands to silence the bell and set a named colour for the log-in screen. OpenBSD base provides the vi and mg editors. I tend to wait until I have nano installed before editing configuration files...

Fun fact: OpenBSD base comes with xwd that can take a screen shot of the screen and xwud that can display the resulting file. GIMP can load xwd files. Try...

foo$ sleep 10 && xwd -root > screenie.xwd
foo$ xwud -scale -in screenie.xwd

Connect to the Internet and install any firmware using fw_update

Skim the OpenBSD FAQ - Networking, especially the Wireless Networking section.

Wired connection

For a wired connection, type the following as root...

foo# ifconfig em0 up
foo# dhclient em0

...where em0 is the interface for the network card. The dhclient should print a message with details of the lease.

Install firmware with fw_update

See man fw_update and possibly the firmware download site.

OpenBSD make available some firmware packages which, for licencing reasons, they are not able to distribute in the installer image. As root type...

foo# fw_update

If a wired connection is not available and the WiFi card itself requires firmware then the relevant package can be downloaded on another computer and copied to the target machine. Use fw_update -p command with the path to firmware package to install the firmware.


Use ifconfig without arguments to find a list of the interfaces on the computer. My computer has the WiFi interface urtw0.

I use a hostname.if file to connect to known WiFi networks...

foo$ cat /etc/hostname.urtw0
join MyHomeNetwork wpakey PassWord

OpenBSD comes with vi or mg as terminal editors. The echo command can be easier for creating short files, as root...

foo# echo "join myhomewifi wpakey pass_phrase" >> /etc/hostname.urtw0
foo# echo "dhcp" >> /etc/hostname.urtw0

Then restart the network...

foo# sh /etc/netstart

Check you have a functioning connection using ping...

foo# ping -c 3

Update the base system using syspatch

See man syspatch and the OpenBSD 6.7 Errata page

Run the syspatch command as root without arguments...

foo# syspatch
Get/Verify syspatch67-001_wscons.tgz 100% |*************|   113 KB    00:00    
Installing patch 001_wscons
Get/Verify syspatch67-002_rpki.tgz 100% |***************| 36470       00:00    
Installing patch 002_rpki
.... more lines ....
Relinking to create unique kernel... done; reboot to load the new kernel
Errata can be reviewed under /var/syspatch

...and as suggested, reboot into the new kernel...

foo# reboot

Use pkg_add to install applications

The OpenBSD FAQ - Package management page provides a clear overview. A content distribution network address for OpenBSD mirrors is set during installation...

foo$ cat /etc/installurl

Type the name of the package as an argument to pkg_add to install the package and all its dependencies. As an example, I usually install the nano editor as I find it easier to use than vi or mg...

foo# pkg_add nano  
quirks-3.124 signed on 2019-04-15T12:10:16Z # example from 6.5
quirks-3.124: ok
nano-4.0:libiconv-1.14p3: ok
nano-4.0:gettext- ok
nano-4.0: ok

Application choice is quite personal but most people will need an up to date Web browser. Firefox and Chromium are both available in packages, I tend towards Firefox.

Larger and more complex packages will provide pkg-readmes located at /usr/local/share/doc/pkg-readmes/. Reading these will save time and mystification as features change. As an example of what I mean have a look at the pkg-readme for Firefox...

foo$ less /usr/local/share/doc/pkg-readmes/firefox

The section on pledge(2) and unveil(2) Support illustrates a feature of OpenBSD. The Chromium package in OpenBSD has also been compiled with pledge/unveil support.

Occasionally, there is a connection glitch and a package will not be correctly downloaded. pkg_add will mark such packages with the prefix partial-. I find that repeating the pkg_add command a bit later clears those up.

Enable user shutdown, power management and screen locking

Use doas.conf to allow user to power off the computer

See man doas, man doas.conf and Ted Unangst's doas mastery.

The doas command is the OpenBSD replacement for sudo. Adding the following lines to the /etc/doas.conf file will allow the user to power off and reboot the computer...

permit nopass keith as root cmd reboot
permit nopass keith as root cmd shutdown run the reboot command as a user you type...

foo$ doas reboot a terminal prompt. The command doas reboot can also be used in the Window Manager menus &c.

Start power management daemon apmd and use a script to restart WiFi on resume

See man apmd.

Just type...

foo# rcctl enable apmd
foo# rcctl set apmd flags -A
foo# rcctl start apmd

...the /etc/rc.conf.local file now looks like this...

foo$ cat /etc/rc.conf.local

Type zzz at a terminal prompt to check suspend to RAM. When the laptop resumes, try ping in the terminal to see if the WiFi restarts automatically.

I need to restart networking on resume because of the USB WiFi adaptor, so I use the following three line script in /etc/apm/resume...

foo$ cat /etc/apm/resume
sleep 10          # Gives time for the USB WiFi adaptor to settle
sh /etc/netstart

Use mkdir /etc/apm as root to create the directory. Because /etc/apm/resume is a script use chmod +x /etc/apm/resume to mark the file as executable.

Screen locking when idle and on suspend using xlock

See man xenodm especially the example user .xsession files in the Session Program section. The key fact to keep in mind is that xenodm runs as the user who logged in not as root.

Create a .xsession file in the home directory. For now specify fvwm as the window manager. Mine looks like this...

foo$ cat .xsession
xidle -program "/usr/X11R6/bin/xlock -mode blank -lockdelay 10 -timeelapsed" \
                   -timeout 600  &
exec fvwm

The xidle line comes straight from the xidle man page with minor alterations. See man xlock for the options to the command in quotes. The '&' character at the end of the line runs xidle in the background. The exec fvwm line runs fvwm which we want in the foreground hence no '&'.

To lock the screen when suspending to RAM, a script is needed in /etc/apm/suspend. I copied mine from a blog post by Daniel Jakots...

foo$ cat /etc/apm/suspend
doas -u keith env DISPLAY=:0 XAUTHORITY=/home/keith/.Xauthority xlock &

The doas line is needed to allow root to run a command as user. Two lines are needed in /etc/doas.conf, one for the env command and one for xlock...

permit nopass root as keith cmd xlock
permit nopass root as keith cmd env

At present, if the laptop is suspended while the screen is locked two instances of the xlock program are running on resume, so the password has to be typed in twice. I'm experimenting with a conditional statement in /etc/apm/suspend to check if xlock is already running.

Use doas.conf to allow user mounting of external storage

See OpenBSD FAQ - Disk Setup / Disks and Partitions for background, especially the numbering of disks which follows a different convention to Linux. Skim the man pages for mount, umount, fstab and when installed ntfs-3g for background.

I need to be able to read and write to an NTFS formatted external hard drive, so I install the ntfs_3g package which provides the ntfs-3g command. I also need to read and write to VFAT formatted USB drives. The following lines added to /etc/doas.conf allow the user to mount and unmount drives...

permit nopass keith as root cmd mount
permit nopass keith as root cmd umount
permit nopass keith as root cmd ntfs-3g

Mounting a USB stick to ~/usb as user looks like this...

foo$ mkdir ~/usb
foo$ dmesg | grep sd1
sd1 at scsibus4 targ 1 lun 0: <, USB DISK 2.0, PMAP> removable serial. numbers
foo$ doas mount /dev/sd1i ~/usb
foo$ ls ~/usb

With this VFAT formatted USB stick plugged in, I can mount my NTFS formatted backup drive to ~/backup like this...

foo$ mkdir ~/backup
foo$ dmesg | grep sd2 
sd2 at scsibus5 targ 1 lun 0: <WD, Elements 10B8, 1012> serial. numbers
foo$ ls ~/backup
foo$ doas ntfs-3g /dev/sd2i ~/backup
foo$ ls ~/backup
Music                      System Volume Information
Pix                        X220

Below are the commands for unmounting both drives...

foo$ doas umount ~/usb
foo$ doas umount ~/backup
foo$ ls usb
foo$ ls backup

For some reason, ntfs-3g gives an error message if you try to unmount from /dev/sd2i, so I just unmount from the target directories on my home drive for both commands.

Notice how the man ntfs-3g page uses Linux disk numbering. One example of the difference between OpenBSD base documentation and that for third-party packages.

Configure fvwm to look normal(ish!)

See man fvwm, good reading for rainy days or long commutes. The version in OpenBSD base is very old so be careful of Web searches.

The behaviour of fvwm is defined by a .fvwmrc file. Copy /usr/X11R6/lib/X11/fvwm/.fvwmrc to `~/.jwmrc` and change permissions to alter the styles and actions in the copy, see below...

foo$ cp /usr/X11R6/lib/X11/fvwm/.fvwmrc .fvwmrc
foo$ ls -la
-r--r--r--   1 keith  keith  18178 Jun 22 21:24 .fvwmrc
foo$ chmod 644 .fvwmrc
foo$ ls -la
-rw-r--r--   1 keith  keith  18178 Jun 22 21:24 .fvwmrc

fvwm must be restarted to see the effect of changes to .fvwmrc. from inside a session. The Restart command is provided in the left click menu in the default configuration.

There are many .fvwmrc files to be found on the Web. My current work in progress .fvwmrc file is loosely based on one that Ingo Schwarze posted to the openbsd-misc mailing list some years ago. I've added back some of the bloat he stripped out, I like my Alt-Tab cycling through windows and I like the ability to move and focus a window by clicking on the titlebar.

Configure jwm

See the JWM home page for detailed configuration information. man jwm defines the syntax of the configuration file but lacks the detailed examples available on the Web page.

JWM is a small floating window manager with task bar that is written in C and configured using a single XML file. The default presentation is usable, but the icon paths are not adapted for use on OpenBSD. My .jwmrc is default with a few very small tweaks mainly to the menu for new programs. On OpenBSD the default .jwmrc file is located at /etc/system.jwmrc and at /usr/local/share/examples/jwm/system.jwmrc for some reason.

Use an .Xresources file to customise xterm and other applications

The .Xdefaults file is used to change font and colour settings and to determine the style of the Xterm terminal. My .Xdefaults file is quite long, I like true-type fonts in my terminal like in Firefox and Leafpad so I specify those. I also like scrolling and a light on dark colour scheme. There are much more minimal .Xdefaults files around.

Font hinting and sub-pixel rendering

OpenBSD running an X Windows session has hinting and sub-pixel rendering available by default as the patent issues have been resolved. I have added extra symlinks in my /etc/fonts/conf.d directory as follows...

foo$ ls -l /etc/fonts/conf.d | cut -c 45- 
10-autohint.conf -> /etc/fonts/conf.avail/10-autohint.conf
10-sub-pixel-rgb.conf -> /etc/fonts/conf.avail/10-sub-pixel-rgb.conf
11-lcdfilter-default.conf -> /etc/fonts/conf.avail/11-lcdfilter-default.conf

My .Xdefaults file has some Xft specifications and jwm is compiled with Xft support...

foo$ cat .Xdefaults | grep Xft
Xft.dpi: 96 
Xft.autohint: 0
Xft.lcdfilter: lcddefault
Xft.hintstyle: hintslight
Xft.hinting: 1
Xft.antialias: 1
Xft.rgba: rgb

Using /etc/hosts to block unwanted Web addresses

See man resolv.conf.tail especially the description of the lookup keyword.

OpenBSD's dhclient writes the nameserver address it receives into /etc/resolv.conf each time I connect to WiFi. If I want to use the /etc/hosts file as a way of blocking Web sites, I have to add a /etc/resolv.conf.tail file. That file needs to tell dhclient to look and the hosts file before using DNS to look up the IP of a Web address. My /etc/resolv.conf file is straight out of the handbook...

foo$ cat /etc/resolv.conf.tail
lookup file bind

Popular lists of Web addresses to block such as the WinHelp hosts.txt can end up with MS-DOS endings, so an extra carriage feed after the new line. Those need removing before you copy the entries into /etc/hosts. I used sed with in-place editing...

foo$ sed -i 's/^M$//g' ~/Downloads/hosts.txt

...the ^M represents a carriage return and has to be entered using Ctrl-V, Ctrl M not simply by typing the characters. I append this file to the default /etc/hosts in base.

The daily, weekly and monthly scripts and locate

See man locate and for instance man weekly.

The locate command can find any file on the computer very quickly by searching a database containing an index of all the files. The index is updated by running the /usr/libexec/locate.updatedb command as root which I do now and again. Commands in libexec are usually run by other programs and the directory does not appear in the search path.

OpenBSD base has a series of maintenance scripts that are timed to run daily, weekly and monthly if the computer is switched on 24/7. Desktop system users do not usually run these scripts. One of the things that /etc/weekly does is to run the locate.updatedb command. These commands also send email to root!

Install texlive-minimal from packages

See ports information for texlive-minimal.

Texlive 2019 is available in packages. The huge installation is split over various packages as revealed by pkg_info -Q texlive...

foo# pkg_info -Q texlive

Installing texlive_texmf-minimal-2019 brings the binaries and buildset as dependancies and has been curated to give similar functionality to tetex. And you get clisp 2.49 as a dependency. The whole thing takes around an extra 800Mb in /usr/local.

Keith Burnett. Last modified: Thu Jul 2 20:51:24 BST 2020 | This is a Web page